test_kasan.ko # insmod test_kasan.ko [ 101.420931] test_kasan: no symbol version for module_layout [ 101.470457] kasan test: kmalloc_oob_right out-of-bounds to right [ 101.477653] ================================================================== [ 101.485794] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x54/0x6c [test_kasan] [ 101.494242] Write of size 1 at addr cb7dcdfb by task insmod/1453 [ 101.500584] [ 101.502400] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 101.512802] Hardware name: Broadcom STB (Flattened Device Tree) [ 101.519288] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 101.527663] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 101.535547] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 101.544868] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 101.554822] [] (kasan_report) from [] (kmalloc_oob_right+0x54/0x6c [test_kasan]) [ 101.565384] [] (kmalloc_oob_right [test_kasan]) from [] (kmalloc_tests_init+0x10/0x35c [test_kasan]) [ 101.577390] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 101.587716] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 101.596532] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 101.605249] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 101.613918] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 101.622490] [ 101.624203] Allocated by task 1453: [ 101.628107] kmem_cache_alloc_trace+0xb4/0x170 [ 101.633291] kmalloc_oob_right+0x30/0x6c [test_kasan] [ 101.639099] kmalloc_tests_init+0x10/0x35c [test_kasan] [ 101.644726] do_one_initcall+0x60/0x1b0 [ 101.648937] do_init_module+0xd4/0x2cc [ 101.653057] load_module+0x3110/0x3af0 [ 101.657178] SyS_init_module+0x184/0x1bc [ 101.661500] ret_fast_syscall+0x0/0x48 [ 101.665511] [ 101.667219] Freed by task 0: [ 101.670362] (stack is not available) [ 101.674201] [ 101.675972] The buggy address belongs to the object at cb7dcd80 [ 101.675972] which belongs to the cache kmalloc-128 of size 128 [ 101.688518] The buggy address is located 123 bytes inside of [ 101.688518] 128-byte region [cb7dcd80, cb7dce00) [ 101.699465] The buggy address belongs to the page: [ 101.704622] page:ee967b80 count:1 mapcount:0 mapping:cb7dc000 index:0x0 [ 101.711646] flags: 0x100(slab) [ 101.715164] raw: 00000100 cb7dc000 00000000 00000015 00000001 ee96b514 ee95e8f4 d00000c0 [ 101.723765] page dumped because: kasan: bad access detected [ 101.729653] [ 101.731366] Memory state around the buggy address: [ 101.736565] cb7dcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 101.743559] cb7dcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 101.750547] >cb7dcd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 [ 101.757462] ^ [ 101.764367] cb7dce00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 101.771363] cb7dce80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 101.778274] ================================================================== [ 101.786797] kasan test: kmalloc_oob_left out-of-bounds to left [ 101.793807] ================================================================== [ 101.801963] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x54/0x74 [test_kasan] [ 101.810337] Read of size 1 at addr cb18227f by task insmod/1453 [ 101.816588] [ 101.818405] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 101.828800] Hardware name: Broadcom STB (Flattened Device Tree) [ 101.835292] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 101.843683] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 101.851578] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 101.860909] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 101.870850] [] (kasan_report) from [] (kmalloc_oob_left+0x54/0x74 [test_kasan]) [ 101.881361] [] (kmalloc_oob_left [test_kasan]) from [] (kmalloc_tests_init+0x14/0x35c [test_kasan]) [ 101.893292] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 101.903621] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 101.912438] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 101.921154] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 101.929822] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 101.938404] [ 101.940113] Allocated by task 0: [ 101.943601] (stack is not available) [ 101.947442] [ 101.949150] Freed by task 0: [ 101.952288] (stack is not available) [ 101.956127] [ 101.957888] The buggy address belongs to the object at cb182200 [ 101.957888] which belongs to the cache kmalloc-64 of size 64 [ 101.970258] The buggy address is located 63 bytes to the right of [ 101.970258] 64-byte region [cb182200, cb182240) [ 101.981570] The buggy address belongs to the page: [ 101.986721] page:ee95b040 count:1 mapcount:0 mapping:cb182000 index:0x0 [ 101.993742] flags: 0x100(slab) [ 101.997267] raw: 00000100 cb182000 00000000 00000020 00000001 ee9616f4 ee95e894 d0000000 [ 102.005866] page dumped because: kasan: bad access detected [ 102.011758] [ 102.013467] Memory state around the buggy address: [ 102.018660] cb182100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 102.025646] cb182180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 102.032634] >cb182200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 102.039547] ^ [ 102.046443] cb182280: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 102.053430] cb182300: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 102.060342] ================================================================== [ 102.068609] kasan test: kmalloc_node_oob_right kmalloc_node(): out-of-bounds to right [ 102.077848] ================================================================== [ 102.085999] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x58/0x70 [test_kasan] [ 102.094898] Write of size 1 at addr cac85900 by task insmod/1453 [ 102.101237] [ 102.103055] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 102.113456] Hardware name: Broadcom STB (Flattened Device Tree) [ 102.119943] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 102.128327] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 102.136222] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 102.145567] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 102.155516] [] (kasan_report) from [] (kmalloc_node_oob_right+0x58/0x70 [test_kasan]) [ 102.166571] [] (kmalloc_node_oob_right [test_kasan]) from [] (kmalloc_tests_init+0x18/0x35c [test_kasan]) [ 102.179031] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 102.189356] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 102.198161] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 102.206895] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 102.215558] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 102.224126] [ 102.225841] Allocated by task 1453: [ 102.229744] kmem_cache_alloc_trace+0xb4/0x170 [ 102.234940] kmalloc_node_oob_right+0x30/0x70 [test_kasan] [ 102.241200] kmalloc_tests_init+0x18/0x35c [test_kasan] [ 102.246837] do_one_initcall+0x60/0x1b0 [ 102.251047] do_init_module+0xd4/0x2cc [ 102.255165] load_module+0x3110/0x3af0 [ 102.259299] SyS_init_module+0x184/0x1bc [ 102.263637] ret_fast_syscall+0x0/0x48 [ 102.267651] [ 102.269367] Freed by task 0: [ 102.272498] (stack is not available) [ 102.276338] [ 102.278107] The buggy address belongs to the object at cac84900 [ 102.278107] which belongs to the cache kmalloc-4096 of size 4096 [ 102.290832] The buggy address is located 0 bytes to the right of [ 102.290832] 4096-byte region [cac84900, cac85900) [ 102.302216] The buggy address belongs to the page: [ 102.307378] page:ee951080 count:1 mapcount:0 mapping:cac84900 index:0x0 compound_mapcount: 0 [ 102.316392] flags: 0x8100(slab|head) [ 102.320445] raw: 00008100 cac84900 00000000 00000001 00000001 ee95e754 d000140c d0000540 [ 102.329029] page dumped because: kasan: bad access detected [ 102.334909] [ 102.336608] Memory state around the buggy address: [ 102.341793] cac85800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 102.348763] cac85880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 102.355733] >cac85900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 102.362612] ^ [ 102.365479] cac85980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 102.372454] cac85a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 102.379362] ================================================================== [ 102.387622] kasan test: kmalloc_large_oob_right kmalloc large allocation: out-of-bounds to right [ 102.424790] ================================================================== [ 102.432931] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x60/0x78 [test_kasan] [ 102.441905] Write of size 1 at addr cabfff00 by task insmod/1453 [ 102.448239] [ 102.450050] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 102.460444] Hardware name: Broadcom STB (Flattened Device Tree) [ 102.466913] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 102.475282] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 102.483161] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 102.492489] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 102.502413] [] (kasan_report) from [] (kmalloc_large_oob_right+0x60/0x78 [test_kasan]) [ 102.513523] [] (kmalloc_large_oob_right [test_kasan]) from [] (kmalloc_tests_init+0x1c/0x35c [test_kasan]) [ 102.526051] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 102.536368] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 102.545162] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 102.553890] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 102.562544] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 102.571104] [ 102.572865] The buggy address belongs to the object at ca800000 [ 102.572865] which belongs to the cache kmalloc-4194304 of size 4194304 [ 102.586109] The buggy address is located 4194048 bytes inside of [ 102.586109] 4194304-byte region [ca800000, cac00000) [ 102.597768] The buggy address belongs to the page: [ 102.602912] page:ee948000 count:1 mapcount:0 mapping:ca800000 index:0x0 compound_mapcount: 0 [ 102.611915] flags: 0x8100(slab|head) [ 102.615955] raw: 00008100 ca800000 00000000 00000001 00000001 d000190c d000190c d0000cc0 [ 102.624552] page dumped because: kasan: bad access detected [ 102.630442] [ 102.632138] Memory state around the buggy address: [ 102.637332] cabffe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 102.644311] cabffe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 102.651291] >cabfff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 102.658173] ^ [ 102.661035] cabfff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 102.668002] cac00000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 102.674899] ================================================================== [ 102.688490] kasan test: kmalloc_oob_krealloc_more out-of-bounds after krealloc more [ 102.697666] ================================================================== [ 102.705816] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_krealloc_more+0x78/0x90 [test_kasan] [ 102.714971] Write of size 1 at addr cb182213 by task insmod/1453 [ 102.721310] [ 102.723113] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 102.733503] Hardware name: Broadcom STB (Flattened Device Tree) [ 102.739971] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 102.748348] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 102.756226] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 102.765561] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 102.775491] [] (kasan_report) from [] (kmalloc_oob_krealloc_more+0x78/0x90 [test_kasan]) [ 102.786776] [] (kmalloc_oob_krealloc_more [test_kasan]) from [] (kmalloc_tests_init+0x20/0x35c [test_kasan]) [ 102.799486] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 102.809801] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 102.818603] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 102.827313] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 102.835959] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 102.844530] [ 102.846238] Allocated by task 1453: [ 102.850081] krealloc+0x44/0xc8 [ 102.853917] kmalloc_oob_krealloc_more+0x44/0x90 [test_kasan] [ 102.860440] kmalloc_tests_init+0x20/0x35c [test_kasan] [ 102.866057] do_one_initcall+0x60/0x1b0 [ 102.870262] do_init_module+0xd4/0x2cc [ 102.874395] load_module+0x3110/0x3af0 [ 102.878519] SyS_init_module+0x184/0x1bc [ 102.882826] ret_fast_syscall+0x0/0x48 [ 102.886831] [ 102.888530] Freed by task 0: [ 102.891651] (stack is not available) [ 102.895483] [ 102.897239] The buggy address belongs to the object at cb182200 [ 102.897239] which belongs to the cache kmalloc-64 of size 64 [ 102.909599] The buggy address is located 19 bytes inside of [ 102.909599] 64-byte region [cb182200, cb182240) [ 102.920360] The buggy address belongs to the page: [ 102.925516] page:ee95b040 count:1 mapcount:0 mapping:cb182000 index:0x0 [ 102.932541] flags: 0x100(slab) [ 102.936045] raw: 00000100 cb182000 00000000 00000020 00000001 ee9616f4 ee95e894 d0000000 [ 102.944642] page dumped because: kasan: bad access detected [ 102.950530] [ 102.952228] Memory state around the buggy address: [ 102.957429] cb182100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 102.964408] cb182180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 102.971391] >cb182200: 00 00 03 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 102.978279] ^ [ 102.981678] cb182280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 102.988653] cb182300: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 102.995558] ================================================================== [ 103.003661] kasan test: kmalloc_oob_krealloc_less out-of-bounds after krealloc less [ 103.012824] ================================================================== [ 103.020973] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_krealloc_less+0x78/0x90 [test_kasan] [ 103.030125] Write of size 1 at addr cb18218f by task insmod/1453 [ 103.036467] [ 103.038272] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 103.048670] Hardware name: Broadcom STB (Flattened Device Tree) [ 103.055136] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 103.063511] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 103.071394] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 103.080712] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 103.090645] [] (kasan_report) from [] (kmalloc_oob_krealloc_less+0x78/0x90 [test_kasan]) [ 103.101928] [] (kmalloc_oob_krealloc_less [test_kasan]) from [] (kmalloc_tests_init+0x24/0x35c [test_kasan]) [ 103.114640] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 103.124951] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 103.133754] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 103.142470] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 103.151105] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 103.159673] [ 103.161390] Allocated by task 1453: [ 103.165227] krealloc+0x44/0xc8 [ 103.169068] kmalloc_oob_krealloc_less+0x44/0x90 [test_kasan] [ 103.175589] kmalloc_tests_init+0x24/0x35c [test_kasan] [ 103.181207] do_one_initcall+0x60/0x1b0 [ 103.185433] do_init_module+0xd4/0x2cc [ 103.189553] load_module+0x3110/0x3af0 [ 103.193669] SyS_init_module+0x184/0x1bc [ 103.197976] ret_fast_syscall+0x0/0x48 [ 103.201980] [ 103.203680] Freed by task 0: [ 103.206803] (stack is not available) [ 103.210628] [ 103.212393] The buggy address belongs to the object at cb182180 [ 103.212393] which belongs to the cache kmalloc-64 of size 64 [ 103.224742] The buggy address is located 15 bytes inside of [ 103.224742] 64-byte region [cb182180, cb1821c0) [ 103.235500] The buggy address belongs to the page: [ 103.240643] page:ee95b040 count:1 mapcount:0 mapping:cb182000 index:0x0 [ 103.247654] flags: 0x100(slab) [ 103.251157] raw: 00000100 cb182000 00000000 00000020 00000001 ee9616f4 ee95e894 d0000000 [ 103.259751] page dumped because: kasan: bad access detected [ 103.265634] [ 103.267341] Memory state around the buggy address: [ 103.272534] cb182080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 103.279513] cb182100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 103.286490] >cb182180: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 103.293378] ^ [ 103.296513] cb182200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 103.303491] cb182280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 103.310398] ================================================================== [ 103.318645] kasan test: kmalloc_oob_16 kmalloc out-of-bounds for 16-bytes access [ 103.327807] ================================================================== [ 103.335944] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x78/0xa4 [test_kasan] [ 103.344114] Write of size 16 at addr cb182100 by task insmod/1453 [ 103.350539] [ 103.352353] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 103.362746] Hardware name: Broadcom STB (Flattened Device Tree) [ 103.369218] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 103.377603] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 103.385493] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 103.394819] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 103.404740] [] (kasan_report) from [] (kmalloc_oob_16+0x78/0xa4 [test_kasan]) [ 103.415029] [] (kmalloc_oob_16 [test_kasan]) from [] (kmalloc_tests_init+0x28/0x35c [test_kasan]) [ 103.426756] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 103.437058] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 103.445862] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 103.454577] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 103.463215] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 103.471786] [ 103.473494] Allocated by task 1453: [ 103.477395] kmem_cache_alloc_trace+0xb4/0x170 [ 103.482566] kmalloc_oob_16+0x30/0xa4 [test_kasan] [ 103.488094] kmalloc_tests_init+0x28/0x35c [test_kasan] [ 103.493713] do_one_initcall+0x60/0x1b0 [ 103.497913] do_init_module+0xd4/0x2cc [ 103.502021] load_module+0x3110/0x3af0 [ 103.506136] SyS_init_module+0x184/0x1bc [ 103.510456] ret_fast_syscall+0x0/0x48 [ 103.514471] [ 103.516172] Freed by task 0: [ 103.519309] (stack is not available) [ 103.523140] [ 103.524896] The buggy address belongs to the object at cb182100 [ 103.524896] which belongs to the cache kmalloc-64 of size 64 [ 103.537236] The buggy address is located 0 bytes inside of [ 103.537236] 64-byte region [cb182100, cb182140) [ 103.547910] The buggy address belongs to the page: [ 103.553051] page:ee95b040 count:1 mapcount:0 mapping:cb182000 index:0x0 [ 103.560062] flags: 0x100(slab) [ 103.563577] raw: 00000100 cb182000 00000000 00000020 00000001 ee9616f4 ee95e894 d0000000 [ 103.572163] page dumped because: kasan: bad access detected [ 103.578051] [ 103.579751] Memory state around the buggy address: [ 103.584932] cb182000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 103.591900] cb182080: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 103.598867] >cb182100: 00 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 103.605744] ^ [ 103.608868] cb182180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 103.615834] cb182200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 103.622729] ================================================================== [ 103.631013] kasan test: kmalloc_oob_in_memset out-of-bounds in memset [ 103.638659] ================================================================== [ 103.646828] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x58/0x68 [test_kasan] [ 103.655638] Write of size 671 at addr cad5db40 by task insmod/1453 [ 103.662145] [ 103.663946] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 103.674342] Hardware name: Broadcom STB (Flattened Device Tree) [ 103.680815] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 103.689177] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 103.697056] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 103.706378] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 103.715985] [] (kasan_report) from [] (memset+0x20/0x34) [ 103.724003] [] (memset) from [] (kmalloc_oob_in_memset+0x58/0x68 [test_kasan]) [ 103.734395] [] (kmalloc_oob_in_memset [test_kasan]) from [] (kmalloc_tests_init+0x2c/0x35c [test_kasan]) [ 103.746745] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 103.757048] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 103.765852] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 103.774567] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 103.783205] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 103.791774] [ 103.793484] Allocated by task 1453: [ 103.797385] kmem_cache_alloc_trace+0xb4/0x170 [ 103.802562] kmalloc_oob_in_memset+0x30/0x68 [test_kasan] [ 103.808729] kmalloc_tests_init+0x2c/0x35c [test_kasan] [ 103.814363] do_one_initcall+0x60/0x1b0 [ 103.818573] do_init_module+0xd4/0x2cc [ 103.822681] load_module+0x3110/0x3af0 [ 103.826796] SyS_init_module+0x184/0x1bc [ 103.831103] ret_fast_syscall+0x0/0x48 [ 103.835108] [ 103.836808] Freed by task 0: [ 103.839930] (stack is not available) [ 103.843754] [ 103.845519] The buggy address belongs to the object at cad5db40 [ 103.845519] which belongs to the cache kmalloc-1024 of size 1024 [ 103.858218] The buggy address is located 0 bytes inside of [ 103.858218] 1024-byte region [cad5db40, cad5df40) [ 103.869071] The buggy address belongs to the page: [ 103.874215] page:ee952b80 count:1 mapcount:0 mapping:cad5c040 index:0x0 compound_mapcount: 0 [ 103.883237] flags: 0x8100(slab|head) [ 103.887289] raw: 00008100 cad5c040 00000000 00000007 00000001 ee950f14 d000130c d00003c0 [ 103.895881] page dumped because: kasan: bad access detected [ 103.901763] [ 103.903466] Memory state around the buggy address: [ 103.908650] cad5dc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 103.915629] cad5dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 103.922609] >cad5dd80: 00 00 00 00 00 00 00 00 00 00 00 02 fc fc fc fc [ 103.929513] ^ [ 103.935333] cad5de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 103.942308] cad5de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 103.949208] ================================================================== [ 103.957453] kasan test: kmalloc_oob_memset_2 out-of-bounds in memset2 [ 103.964912] ================================================================== [ 103.973051] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x5c/0x6c [test_kasan] [ 103.981764] Write of size 2 at addr cb182007 by task insmod/1453 [ 103.988094] [ 103.989893] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 104.000283] Hardware name: Broadcom STB (Flattened Device Tree) [ 104.006766] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 104.015128] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 104.023002] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 104.032322] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 104.041940] [] (kasan_report) from [] (memset+0x20/0x34) [ 104.049960] [] (memset) from [] (kmalloc_oob_memset_2+0x5c/0x6c [test_kasan]) [ 104.060258] [] (kmalloc_oob_memset_2 [test_kasan]) from [] (kmalloc_tests_init+0x30/0x35c [test_kasan]) [ 104.072531] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 104.082847] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 104.091650] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 104.100363] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 104.109000] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 104.117570] [ 104.119284] Allocated by task 1453: [ 104.123180] kmem_cache_alloc_trace+0xb4/0x170 [ 104.128367] kmalloc_oob_memset_2+0x30/0x6c [test_kasan] [ 104.134442] kmalloc_tests_init+0x30/0x35c [test_kasan] [ 104.140061] do_one_initcall+0x60/0x1b0 [ 104.144269] do_init_module+0xd4/0x2cc [ 104.148402] load_module+0x3110/0x3af0 [ 104.152529] SyS_init_module+0x184/0x1bc [ 104.156837] ret_fast_syscall+0x0/0x48 [ 104.160841] [ 104.162543] Freed by task 0: [ 104.165664] (stack is not available) [ 104.169498] [ 104.171259] The buggy address belongs to the object at cb182000 [ 104.171259] which belongs to the cache kmalloc-64 of size 64 [ 104.183618] The buggy address is located 7 bytes inside of [ 104.183618] 64-byte region [cb182000, cb182040) [ 104.194288] The buggy address belongs to the page: [ 104.199448] page:ee95b040 count:1 mapcount:0 mapping:cb182000 index:0x0 [ 104.206472] flags: 0x100(slab) [ 104.209977] raw: 00000100 cb182000 00000000 00000020 00000001 ee9616f4 ee95e894 d0000000 [ 104.218573] page dumped because: kasan: bad access detected [ 104.224470] [ 104.226169] Memory state around the buggy address: [ 104.231367] cb181f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 104.238348] cb181f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 104.245324] >cb182000: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.252205] ^ [ 104.255354] cb182080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 104.262336] cb182100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 104.269235] ================================================================== [ 104.277474] kasan test: kmalloc_oob_memset_4 out-of-bounds in memset4 [ 104.284953] ================================================================== [ 104.293092] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x5c/0x6c [test_kasan] [ 104.301799] Write of size 4 at addr cb183f85 by task insmod/1453 [ 104.308129] [ 104.309928] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 104.320321] Hardware name: Broadcom STB (Flattened Device Tree) [ 104.326799] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 104.335164] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 104.343045] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 104.352366] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 104.361979] [] (kasan_report) from [] (memset+0x20/0x34) [ 104.369999] [] (memset) from [] (kmalloc_oob_memset_4+0x5c/0x6c [test_kasan]) [ 104.380298] [] (kmalloc_oob_memset_4 [test_kasan]) from [] (kmalloc_tests_init+0x34/0x35c [test_kasan]) [ 104.392567] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 104.402884] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 104.411686] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 104.420399] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 104.429038] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 104.437608] [ 104.439329] Allocated by task 1453: [ 104.443220] kmem_cache_alloc_trace+0xb4/0x170 [ 104.448408] kmalloc_oob_memset_4+0x30/0x6c [test_kasan] [ 104.454482] kmalloc_tests_init+0x34/0x35c [test_kasan] [ 104.460099] do_one_initcall+0x60/0x1b0 [ 104.464310] do_init_module+0xd4/0x2cc [ 104.468438] load_module+0x3110/0x3af0 [ 104.472562] SyS_init_module+0x184/0x1bc [ 104.476870] ret_fast_syscall+0x0/0x48 [ 104.480875] [ 104.482577] Freed by task 0: [ 104.485698] (stack is not available) [ 104.489525] [ 104.491284] The buggy address belongs to the object at cb183f80 [ 104.491284] which belongs to the cache kmalloc-64 of size 64 [ 104.503637] The buggy address is located 5 bytes inside of [ 104.503637] 64-byte region [cb183f80, cb183fc0) [ 104.514309] The buggy address belongs to the page: [ 104.519465] page:ee95b060 count:1 mapcount:0 mapping:cb183000 index:0x0 [ 104.526484] flags: 0x100(slab) [ 104.529989] raw: 00000100 cb183000 00000000 00000020 00000001 ee95e894 d000108c d0000000 [ 104.538585] page dumped because: kasan: bad access detected [ 104.544480] [ 104.546178] Memory state around the buggy address: [ 104.551378] cb183e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.558360] cb183f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.565341] >cb183f80: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.572221] ^ [ 104.575366] cb184000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 104.582349] cb184080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 104.589249] ================================================================== [ 104.597495] kasan test: kmalloc_oob_memset_8 out-of-bounds in memset8 [ 104.604928] ================================================================== [ 104.613072] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x5c/0x6c [test_kasan] [ 104.621782] Write of size 8 at addr cb183f01 by task insmod/1453 [ 104.628110] [ 104.629909] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 104.640299] Hardware name: Broadcom STB (Flattened Device Tree) [ 104.646779] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 104.655142] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 104.663017] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 104.672337] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 104.681949] [] (kasan_report) from [] (memset+0x20/0x34) [ 104.689970] [] (memset) from [] (kmalloc_oob_memset_8+0x5c/0x6c [test_kasan]) [ 104.700272] [] (kmalloc_oob_memset_8 [test_kasan]) from [] (kmalloc_tests_init+0x38/0x35c [test_kasan]) [ 104.712541] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 104.722856] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 104.731661] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 104.740373] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 104.749010] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 104.757583] [ 104.759299] Allocated by task 1453: [ 104.763193] kmem_cache_alloc_trace+0xb4/0x170 [ 104.768378] kmalloc_oob_memset_8+0x30/0x6c [test_kasan] [ 104.774453] kmalloc_tests_init+0x38/0x35c [test_kasan] [ 104.780070] do_one_initcall+0x60/0x1b0 [ 104.784277] do_init_module+0xd4/0x2cc [ 104.788403] load_module+0x3110/0x3af0 [ 104.792531] SyS_init_module+0x184/0x1bc [ 104.796839] ret_fast_syscall+0x0/0x48 [ 104.800843] [ 104.802544] Freed by task 0: [ 104.805666] (stack is not available) [ 104.809498] [ 104.811258] The buggy address belongs to the object at cb183f00 [ 104.811258] which belongs to the cache kmalloc-64 of size 64 [ 104.823614] The buggy address is located 1 bytes inside of [ 104.823614] 64-byte region [cb183f00, cb183f40) [ 104.834286] The buggy address belongs to the page: [ 104.839444] page:ee95b060 count:1 mapcount:0 mapping:cb183000 index:0x0 [ 104.846467] flags: 0x100(slab) [ 104.849970] raw: 00000100 cb183000 00000000 00000020 00000001 ee95e894 d000108c d0000000 [ 104.858570] page dumped because: kasan: bad access detected [ 104.864466] [ 104.866165] Memory state around the buggy address: [ 104.871364] cb183e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.878347] cb183e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.885326] >cb183f00: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.892207] ^ [ 104.895356] cb183f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 104.902337] cb184000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 104.909235] ================================================================== [ 104.917473] kasan test: kmalloc_oob_memset_16 out-of-bounds in memset16 [ 104.925082] ================================================================== [ 104.933214] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x5c/0x6c [test_kasan] [ 104.942023] Write of size 16 at addr cb183e81 by task insmod/1453 [ 104.948453] [ 104.950258] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 104.960667] Hardware name: Broadcom STB (Flattened Device Tree) [ 104.967135] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 104.975510] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 104.983395] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 104.992717] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 105.002334] [] (kasan_report) from [] (memset+0x20/0x34) [ 105.010356] [] (memset) from [] (kmalloc_oob_memset_16+0x5c/0x6c [test_kasan]) [ 105.020741] [] (kmalloc_oob_memset_16 [test_kasan]) from [] (kmalloc_tests_init+0x3c/0x35c [test_kasan]) [ 105.033091] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 105.043404] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 105.052196] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 105.060913] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 105.069564] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 105.078121] [ 105.079825] Allocated by task 1453: [ 105.083712] kmem_cache_alloc_trace+0xb4/0x170 [ 105.088892] kmalloc_oob_memset_16+0x30/0x6c [test_kasan] [ 105.095046] kmalloc_tests_init+0x3c/0x35c [test_kasan] [ 105.100664] do_one_initcall+0x60/0x1b0 [ 105.104865] do_init_module+0xd4/0x2cc [ 105.108975] load_module+0x3110/0x3af0 [ 105.113088] SyS_init_module+0x184/0x1bc [ 105.117409] ret_fast_syscall+0x0/0x48 [ 105.121428] [ 105.123130] Freed by task 0: [ 105.126260] (stack is not available) [ 105.130099] [ 105.131853] The buggy address belongs to the object at cb183e80 [ 105.131853] which belongs to the cache kmalloc-64 of size 64 [ 105.144192] The buggy address is located 1 bytes inside of [ 105.144192] 64-byte region [cb183e80, cb183ec0) [ 105.154867] The buggy address belongs to the page: [ 105.160009] page:ee95b060 count:1 mapcount:0 mapping:cb183000 index:0x0 [ 105.167020] flags: 0x100(slab) [ 105.170536] raw: 00000100 cb183000 00000000 00000020 00000001 ee95e894 d000108c d0000000 [ 105.179122] page dumped because: kasan: bad access detected [ 105.185004] [ 105.186701] Memory state around the buggy address: [ 105.191884] cb183d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.198851] cb183e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.205820] >cb183e80: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.212698] ^ [ 105.216091] cb183f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 105.223059] cb183f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 105.229953] ================================================================== [ 105.238004] kasan test: kmalloc_uaf use-after-free [ 105.244102] ================================================================== [ 105.252221] BUG: KASAN: use-after-free in kmalloc_uaf+0x58/0x68 [test_kasan] [ 105.259698] Write of size 1 at addr cb183e08 by task insmod/1453 [ 105.266027] [ 105.267827] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 105.278209] Hardware name: Broadcom STB (Flattened Device Tree) [ 105.284703] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 105.293065] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 105.300939] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 105.310252] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 105.320182] [] (kasan_report) from [] (kmalloc_uaf+0x58/0x68 [test_kasan]) [ 105.330209] [] (kmalloc_uaf [test_kasan]) from [] (kmalloc_tests_init+0x40/0x35c [test_kasan]) [ 105.341674] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 105.351982] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 105.360787] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 105.369505] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 105.378142] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 105.386710] [ 105.388423] Allocated by task 1453: [ 105.392317] kmem_cache_alloc_trace+0xb4/0x170 [ 105.397487] kmalloc_uaf+0x30/0x68 [test_kasan] [ 105.402758] kmalloc_tests_init+0x40/0x35c [test_kasan] [ 105.408389] do_one_initcall+0x60/0x1b0 [ 105.412597] do_init_module+0xd4/0x2cc [ 105.416705] load_module+0x3110/0x3af0 [ 105.420819] SyS_init_module+0x184/0x1bc [ 105.425126] ret_fast_syscall+0x0/0x48 [ 105.429130] [ 105.430833] Freed by task 1453: [ 105.434344] kfree+0x64/0x100 [ 105.437983] kmalloc_uaf+0x50/0x68 [test_kasan] [ 105.443246] kmalloc_tests_init+0x40/0x35c [test_kasan] [ 105.448877] do_one_initcall+0x60/0x1b0 [ 105.453079] do_init_module+0xd4/0x2cc [ 105.457188] load_module+0x3110/0x3af0 [ 105.461319] SyS_init_module+0x184/0x1bc [ 105.465634] ret_fast_syscall+0x0/0x48 [ 105.469638] [ 105.471403] The buggy address belongs to the object at cb183e00 [ 105.471403] which belongs to the cache kmalloc-64 of size 64 [ 105.483749] The buggy address is located 8 bytes inside of [ 105.483749] 64-byte region [cb183e00, cb183e40) [ 105.494422] The buggy address belongs to the page: [ 105.499573] page:ee95b060 count:1 mapcount:0 mapping:cb183000 index:0x0 [ 105.506589] flags: 0x100(slab) [ 105.510094] raw: 00000100 cb183000 00000000 00000020 00000001 ee95e894 d000108c d0000000 [ 105.518688] page dumped because: kasan: bad access detected [ 105.524572] [ 105.526279] Memory state around the buggy address: [ 105.531479] cb183d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.538456] cb183d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.545437] >cb183e00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 105.552325] ^ [ 105.555460] cb183e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 105.562442] cb183f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 105.569352] ================================================================== [ 105.577198] kasan test: kmalloc_uaf_memset use-after-free in memset [ 105.585014] ================================================================== [ 105.593150] BUG: KASAN: use-after-free in kmalloc_tests_init+0x44/0x35c [test_kasan] [ 105.601420] Write of size 33 at addr cb183d80 by task insmod/1453 [ 105.607836] [ 105.609637] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 105.620019] Hardware name: Broadcom STB (Flattened Device Tree) [ 105.626501] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 105.634870] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 105.642758] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 105.652066] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 105.661682] [] (kasan_report) from [] (memset+0x20/0x34) [ 105.669707] [] (memset) from [] (kmalloc_tests_init+0x44/0x35c [test_kasan]) [ 105.679557] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 105.689871] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 105.698676] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 105.707390] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 105.716025] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 105.724597] [ 105.726311] Allocated by task 1453: [ 105.730203] kmem_cache_alloc_trace+0xb4/0x170 [ 105.735391] kmalloc_uaf_memset+0x30/0x68 [test_kasan] [ 105.741283] kmalloc_tests_init+0x44/0x35c [test_kasan] [ 105.746909] do_one_initcall+0x60/0x1b0 [ 105.751109] do_init_module+0xd4/0x2cc [ 105.755220] load_module+0x3110/0x3af0 [ 105.759361] SyS_init_module+0x184/0x1bc [ 105.763668] ret_fast_syscall+0x0/0x48 [ 105.767672] [ 105.769385] Freed by task 1453: [ 105.772886] kfree+0x64/0x100 [ 105.776546] kmalloc_uaf_memset+0x50/0x68 [test_kasan] [ 105.782446] kmalloc_tests_init+0x44/0x35c [test_kasan] [ 105.788062] do_one_initcall+0x60/0x1b0 [ 105.792267] do_init_module+0xd4/0x2cc [ 105.796396] load_module+0x3110/0x3af0 [ 105.800521] SyS_init_module+0x184/0x1bc [ 105.804828] ret_fast_syscall+0x0/0x48 [ 105.808834] [ 105.810588] The buggy address belongs to the object at cb183d80 [ 105.810588] which belongs to the cache kmalloc-64 of size 64 [ 105.822925] The buggy address is located 0 bytes inside of [ 105.822925] 64-byte region [cb183d80, cb183dc0) [ 105.833598] The buggy address belongs to the page: [ 105.838741] page:ee95b060 count:1 mapcount:0 mapping:cb183000 index:0x0 [ 105.845752] flags: 0x100(slab) [ 105.849263] raw: 00000100 cb183000 00000000 00000020 00000001 ee95e894 d000108c d0000000 [ 105.857858] page dumped because: kasan: bad access detected [ 105.863739] [ 105.865444] Memory state around the buggy address: [ 105.870631] cb183c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.877613] cb183d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.884593] >cb183d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 105.891483] ^ [ 105.894352] cb183e00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 105.901334] cb183e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 105.908233] ================================================================== [ 105.916094] kasan test: kmalloc_uaf2 use-after-free after another kmalloc [ 105.924783] ================================================================== [ 105.932911] BUG: KASAN: use-after-free in kmalloc_uaf2+0x74/0xa4 [test_kasan] [ 105.940479] Write of size 1 at addr cb183d28 by task insmod/1453 [ 105.946808] [ 105.948610] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 105.958991] Hardware name: Broadcom STB (Flattened Device Tree) [ 105.965474] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 105.973845] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 105.981733] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 105.991041] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 106.000959] [] (kasan_report) from [] (kmalloc_uaf2+0x74/0xa4 [test_kasan]) [ 106.011065] [] (kmalloc_uaf2 [test_kasan]) from [] (kmalloc_tests_init+0x48/0x35c [test_kasan]) [ 106.022610] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 106.032925] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 106.041727] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 106.050441] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 106.059077] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 106.067646] [ 106.069367] Allocated by task 1453: [ 106.073259] kmem_cache_alloc_trace+0xb4/0x170 [ 106.078436] kmalloc_uaf2+0x30/0xa4 [test_kasan] [ 106.083796] kmalloc_tests_init+0x48/0x35c [test_kasan] [ 106.089428] do_one_initcall+0x60/0x1b0 [ 106.093631] do_init_module+0xd4/0x2cc [ 106.097739] load_module+0x3110/0x3af0 [ 106.101852] SyS_init_module+0x184/0x1bc [ 106.106158] ret_fast_syscall+0x0/0x48 [ 106.110170] [ 106.111878] Freed by task 1453: [ 106.115390] kfree+0x64/0x100 [ 106.119030] kmalloc_uaf2+0x50/0xa4 [test_kasan] [ 106.124389] kmalloc_tests_init+0x48/0x35c [test_kasan] [ 106.130007] do_one_initcall+0x60/0x1b0 [ 106.134208] do_init_module+0xd4/0x2cc [ 106.138345] load_module+0x3110/0x3af0 [ 106.142467] SyS_init_module+0x184/0x1bc [ 106.146775] ret_fast_syscall+0x0/0x48 [ 106.150781] [ 106.152538] The buggy address belongs to the object at cb183d00 [ 106.152538] which belongs to the cache kmalloc-64 of size 64 [ 106.164882] The buggy address is located 40 bytes inside of [ 106.164882] 64-byte region [cb183d00, cb183d40) [ 106.175645] The buggy address belongs to the page: [ 106.180788] page:ee95b060 count:1 mapcount:0 mapping:cb183000 index:0x0 [ 106.187798] flags: 0x100(slab) [ 106.191312] raw: 00000100 cb183000 00000000 00000020 00000001 ee95e894 d000108c d0000000 [ 106.199900] page dumped because: kasan: bad access detected [ 106.205782] [ 106.207483] Memory state around the buggy address: [ 106.212663] cb183c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 106.219640] cb183c80: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 106.226619] >cb183d00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 106.233515] ^ [ 106.237712] cb183d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 106.244688] cb183e00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 106.251590] ================================================================== [ 106.262793] kasan test: kmem_cache_oob out-of-bounds in kmem_cache_alloc [ 106.270686] ================================================================== [ 106.278825] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x88/0xb8 [test_kasan] [ 106.286996] Read of size 1 at addr cb184f78 by task insmod/1453 [ 106.293239] [ 106.295051] CPU: 2 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 106.305445] Hardware name: Broadcom STB (Flattened Device Tree) [ 106.311914] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 106.320283] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 106.328166] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 106.337495] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 106.347417] [] (kasan_report) from [] (kmem_cache_oob+0x88/0xb8 [test_kasan]) [ 106.357708] [] (kmem_cache_oob [test_kasan]) from [] (kmalloc_tests_init+0x4c/0x35c [test_kasan]) [ 106.369435] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 106.379750] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 106.388558] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 106.397267] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 106.405922] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 106.414491] [ 106.416198] Allocated by task 1453: [ 106.420081] kmem_cache_alloc+0xac/0x16c [ 106.424720] kmem_cache_oob+0x64/0xb8 [test_kasan] [ 106.430252] kmalloc_tests_init+0x4c/0x35c [test_kasan] [ 106.435880] do_one_initcall+0x60/0x1b0 [ 106.440084] do_init_module+0xd4/0x2cc [ 106.444191] load_module+0x3110/0x3af0 [ 106.448321] SyS_init_module+0x184/0x1bc [ 106.452635] ret_fast_syscall+0x0/0x48 [ 106.456641] [ 106.458353] Freed by task 0: [ 106.461480] (stack is not available) [ 106.465313] [ 106.467071] The buggy address belongs to the object at cb184eb0 [ 106.467071] which belongs to the cache test_cache of size 200 [ 106.479514] The buggy address is located 0 bytes to the right of [ 106.479514] 200-byte region [cb184eb0, cb184f78) [ 106.490804] The buggy address belongs to the page: [ 106.495945] page:ee95b080 count:1 mapcount:0 mapping:cb184040 index:0x0 [ 106.502959] flags: 0x100(slab) [ 106.506476] raw: 00000100 cb184040 00000000 0000000f 00000001 cb183b8c cb183b8c cdc35780 [ 106.515063] page dumped because: kasan: bad access detected [ 106.520946] [ 106.522642] Memory state around the buggy address: [ 106.527824] cb184e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 106.534793] cb184e80: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00 [ 106.541761] >cb184f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 106.548655] ^ [ 106.555546] cb184f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 106.562527] cb185000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 106.569433] ================================================================== [ 106.598153] kasan test: memcg_accounted_kmem_cache allocate memcg accounted object [ 107.145531] kasan test: kasan_stack_oob out-of-bounds on stack [ 107.151915] kasan test: kasan_global_oob out-of-bounds global variable [ 107.159004] kasan test: ksize_unpoisons_memory ksize() unpoisons the whole allocated chunk [ 107.168566] ================================================================== [ 107.176705] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x6c/0x84 [test_kasan] [ 107.185593] Write of size 1 at addr cb347a40 by task insmod/1453 [ 107.191920] [ 107.193723] CPU: 3 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 107.204106] Hardware name: Broadcom STB (Flattened Device Tree) [ 107.210581] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 107.218944] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 107.226817] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 107.236127] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 107.246046] [] (kasan_report) from [] (ksize_unpoisons_memory+0x6c/0x84 [test_kasan]) [ 107.257051] [] (ksize_unpoisons_memory [test_kasan]) from [] (kmalloc_tests_init+0x5c/0x35c [test_kasan]) [ 107.269479] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 107.279783] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 107.288579] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 107.297282] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 107.305919] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 107.314480] [ 107.316187] Allocated by task 1453: [ 107.320078] kmem_cache_alloc_trace+0xb4/0x170 [ 107.325251] ksize_unpoisons_memory+0x30/0x84 [test_kasan] [ 107.331495] kmalloc_tests_init+0x5c/0x35c [test_kasan] [ 107.337113] do_one_initcall+0x60/0x1b0 [ 107.341317] do_init_module+0xd4/0x2cc [ 107.345424] load_module+0x3110/0x3af0 [ 107.349540] SyS_init_module+0x184/0x1bc [ 107.353848] ret_fast_syscall+0x0/0x48 [ 107.357855] [ 107.359554] Freed by task 0: [ 107.362677] (stack is not available) [ 107.366501] [ 107.368256] The buggy address belongs to the object at cb3479c0 [ 107.368256] which belongs to the cache kmalloc-128 of size 128 [ 107.380776] The buggy address is located 0 bytes to the right of [ 107.380776] 128-byte region [cb3479c0, cb347a40) [ 107.392062] The buggy address belongs to the page: [ 107.397206] page:ee95e8e0 count:1 mapcount:0 mapping:cb347000 index:0x0 [ 107.404219] flags: 0x100(slab) [ 107.407727] raw: 00000100 cb347000 00000000 00000015 00000001 ee967b94 d000110c d00000c0 [ 107.416312] page dumped because: kasan: bad access detected [ 107.422192] [ 107.423888] Memory state around the buggy address: [ 107.429068] cb347900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 107.436035] cb347980: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 107.443004] >cb347a00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 107.449890] ^ [ 107.454892] cb347a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 107.461859] cb347b00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 107.468756] ================================================================== [ 107.478535] kasan test: copy_user_test out-of-bounds in copy_from_user() [ 107.485803] ================================================================== [ 107.493934] BUG: KASAN: slab-out-of-bounds in copy_user_test+0xb4/0x234 [test_kasan] [ 107.502195] Write of size 11 at addr cb344100 by task insmod/1453 [ 107.508613] [ 107.510413] CPU: 3 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 107.520797] Hardware name: Broadcom STB (Flattened Device Tree) [ 107.527267] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 107.535629] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 107.543505] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 107.552815] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 107.562729] [] (kasan_report) from [] (copy_user_test+0xb4/0x234 [test_kasan]) [ 107.573101] [] (copy_user_test [test_kasan]) from [] (kmalloc_tests_init+0x60/0x35c [test_kasan]) [ 107.584818] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 107.595123] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 107.603918] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 107.612623] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 107.621261] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 107.629818] [ 107.631524] Allocated by task 1453: [ 107.635412] kmem_cache_alloc_trace+0xb4/0x170 [ 107.640577] copy_user_test+0x24/0x234 [test_kasan] [ 107.646195] kmalloc_tests_init+0x60/0x35c [test_kasan] [ 107.651813] do_one_initcall+0x60/0x1b0 [ 107.656014] do_init_module+0xd4/0x2cc [ 107.660125] load_module+0x3110/0x3af0 [ 107.664241] SyS_init_module+0x184/0x1bc [ 107.668549] ret_fast_syscall+0x0/0x48 [ 107.672553] [ 107.674254] Freed by task 0: [ 107.677374] (stack is not available) [ 107.681198] [ 107.682953] The buggy address belongs to the object at cb344100 [ 107.682953] which belongs to the cache kmalloc-64 of size 64 [ 107.695289] The buggy address is located 0 bytes inside of [ 107.695289] 64-byte region [cb344100, cb344140) [ 107.705951] The buggy address belongs to the page: [ 107.711102] page:ee95e880 count:1 mapcount:0 mapping:cb344000 index:0xcb344800 [ 107.718822] flags: 0x100(slab) [ 107.722333] raw: 00000100 cb344000 cb344800 0000001f 00000001 d0001084 ee963174 d0000000 [ 107.730918] page dumped because: kasan: bad access detected [ 107.736798] [ 107.738496] Memory state around the buggy address: [ 107.743677] cb344000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 107.750644] cb344080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 107.757613] >cb344100: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 107.764491] ^ [ 107.767617] cb344180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 107.774585] cb344200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 107.781477] ================================================================== [ 107.789655] kasan test: copy_user_test out-of-bounds in copy_to_user() [ 107.796746] ================================================================== [ 107.804879] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x12c/0x234 [test_kasan] [ 107.813230] Read of size 11 at addr cb344100 by task insmod/1453 [ 107.819558] [ 107.821357] CPU: 3 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 107.831739] Hardware name: Broadcom STB (Flattened Device Tree) [ 107.838207] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 107.846572] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 107.854448] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 107.863759] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 107.873676] [] (kasan_report) from [] (copy_user_test+0x12c/0x234 [test_kasan]) [ 107.884138] [] (copy_user_test [test_kasan]) from [] (kmalloc_tests_init+0x60/0x35c [test_kasan]) [ 107.895852] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 107.906156] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 107.914947] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 107.923650] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 107.932286] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 107.940847] [ 107.942552] Allocated by task 1453: [ 107.946439] kmem_cache_alloc_trace+0xb4/0x170 [ 107.951604] copy_user_test+0x24/0x234 [test_kasan] [ 107.957221] kmalloc_tests_init+0x60/0x35c [test_kasan] [ 107.962839] do_one_initcall+0x60/0x1b0 [ 107.967039] do_init_module+0xd4/0x2cc [ 107.971151] load_module+0x3110/0x3af0 [ 107.975266] SyS_init_module+0x184/0x1bc [ 107.979575] ret_fast_syscall+0x0/0x48 [ 107.983581] [ 107.985281] Freed by task 0: [ 107.988405] (stack is not available) [ 107.992231] [ 107.993985] The buggy address belongs to the object at cb344100 [ 107.993985] which belongs to the cache kmalloc-64 of size 64 [ 108.006323] The buggy address is located 0 bytes inside of [ 108.006323] 64-byte region [cb344100, cb344140) [ 108.016983] The buggy address belongs to the page: [ 108.022132] page:ee95e880 count:1 mapcount:0 mapping:cb344000 index:0xcb344800 [ 108.029848] flags: 0x100(slab) [ 108.033360] raw: 00000100 cb344000 cb344800 0000001f 00000001 d0001084 ee963174 d0000000 [ 108.041943] page dumped because: kasan: bad access detected [ 108.047827] [ 108.049523] Memory state around the buggy address: [ 108.054704] cb344000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.061671] cb344080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.068641] >cb344100: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.075517] ^ [ 108.078643] cb344180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 108.085610] cb344200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 108.092507] ================================================================== [ 108.101783] kasan test: copy_user_test out-of-bounds in __copy_from_user() [ 108.109227] ================================================================== [ 108.117361] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x158/0x234 [test_kasan] [ 108.125709] Write of size 11 at addr cb344100 by task insmod/1453 [ 108.132128] [ 108.133928] CPU: 3 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 108.144311] Hardware name: Broadcom STB (Flattened Device Tree) [ 108.150781] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 108.159144] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 108.167016] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 108.176328] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 108.186244] [] (kasan_report) from [] (copy_user_test+0x158/0x234 [test_kasan]) [ 108.196705] [] (copy_user_test [test_kasan]) from [] (kmalloc_tests_init+0x60/0x35c [test_kasan]) [ 108.208423] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 108.218726] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 108.227519] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 108.236221] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 108.244858] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 108.253418] [ 108.255125] Allocated by task 1453: [ 108.259014] kmem_cache_alloc_trace+0xb4/0x170 [ 108.264181] copy_user_test+0x24/0x234 [test_kasan] [ 108.269799] kmalloc_tests_init+0x60/0x35c [test_kasan] [ 108.275416] do_one_initcall+0x60/0x1b0 [ 108.279617] do_init_module+0xd4/0x2cc [ 108.283727] load_module+0x3110/0x3af0 [ 108.287839] SyS_init_module+0x184/0x1bc [ 108.292147] ret_fast_syscall+0x0/0x48 [ 108.296154] [ 108.297852] Freed by task 0: [ 108.300973] (stack is not available) [ 108.304797] [ 108.306555] The buggy address belongs to the object at cb344100 [ 108.306555] which belongs to the cache kmalloc-64 of size 64 [ 108.318895] The buggy address is located 0 bytes inside of [ 108.318895] 64-byte region [cb344100, cb344140) [ 108.329557] The buggy address belongs to the page: [ 108.334708] page:ee95e880 count:1 mapcount:0 mapping:cb344000 index:0xcb344800 [ 108.342426] flags: 0x100(slab) [ 108.345936] raw: 00000100 cb344000 cb344800 0000001f 00000001 d0001084 ee963174 d0000000 [ 108.354520] page dumped because: kasan: bad access detected [ 108.360400] [ 108.362099] Memory state around the buggy address: [ 108.367278] cb344000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.374245] cb344080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.381212] >cb344100: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.388088] ^ [ 108.391212] cb344180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 108.398180] cb344200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 108.405076] ================================================================== [ 108.413052] kasan test: copy_user_test out-of-bounds in __copy_to_user() [ 108.420442] ================================================================== [ 108.428575] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x184/0x234 [test_kasan] [ 108.436926] Read of size 11 at addr cb344100 by task insmod/1453 [ 108.443256] [ 108.445055] CPU: 3 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 108.455438] Hardware name: Broadcom STB (Flattened Device Tree) [ 108.461907] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 108.470272] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 108.478148] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 108.487457] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 108.497374] [] (kasan_report) from [] (copy_user_test+0x184/0x234 [test_kasan]) [ 108.507838] [] (copy_user_test [test_kasan]) from [] (kmalloc_tests_init+0x60/0x35c [test_kasan]) [ 108.519555] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 108.529858] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 108.538652] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 108.547355] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 108.555992] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 108.564551] [ 108.566256] Allocated by task 1453: [ 108.570143] kmem_cache_alloc_trace+0xb4/0x170 [ 108.575307] copy_user_test+0x24/0x234 [test_kasan] [ 108.580926] kmalloc_tests_init+0x60/0x35c [test_kasan] [ 108.586544] do_one_initcall+0x60/0x1b0 [ 108.590744] do_init_module+0xd4/0x2cc [ 108.594852] load_module+0x3110/0x3af0 [ 108.598968] SyS_init_module+0x184/0x1bc [ 108.603277] ret_fast_syscall+0x0/0x48 [ 108.607280] [ 108.608980] Freed by task 0: [ 108.612101] (stack is not available) [ 108.615927] [ 108.617680] The buggy address belongs to the object at cb344100 [ 108.617680] which belongs to the cache kmalloc-64 of size 64 [ 108.630019] The buggy address is located 0 bytes inside of [ 108.630019] 64-byte region [cb344100, cb344140) [ 108.640683] The buggy address belongs to the page: [ 108.645833] page:ee95e880 count:1 mapcount:0 mapping:cb344000 index:0xcb344800 [ 108.653549] flags: 0x100(slab) [ 108.657059] raw: 00000100 cb344000 cb344800 0000001f 00000001 d0001084 ee963174 d0000000 [ 108.665644] page dumped because: kasan: bad access detected [ 108.671525] [ 108.673222] Memory state around the buggy address: [ 108.678403] cb344000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.685371] cb344080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.692338] >cb344100: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.699215] ^ [ 108.702340] cb344180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 108.709306] cb344200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 108.716201] ================================================================== [ 108.724182] kasan test: copy_user_test out-of-bounds in __copy_from_user_inatomic() [ 108.732511] ================================================================== [ 108.740646] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x1b0/0x234 [test_kasan] [ 108.748996] Write of size 11 at addr cb344100 by task insmod/1453 [ 108.755415] [ 108.757209] CPU: 3 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 108.767593] Hardware name: Broadcom STB (Flattened Device Tree) [ 108.774063] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 108.782426] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 108.790300] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 108.799611] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 108.809526] [] (kasan_report) from [] (copy_user_test+0x1b0/0x234 [test_kasan]) [ 108.819989] [] (copy_user_test [test_kasan]) from [] (kmalloc_tests_init+0x60/0x35c [test_kasan]) [ 108.831703] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 108.842007] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 108.850803] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 108.859506] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 108.868144] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 108.876702] [ 108.878410] Allocated by task 1453: [ 108.882300] kmem_cache_alloc_trace+0xb4/0x170 [ 108.887470] copy_user_test+0x24/0x234 [test_kasan] [ 108.893088] kmalloc_tests_init+0x60/0x35c [test_kasan] [ 108.898705] do_one_initcall+0x60/0x1b0 [ 108.902906] do_init_module+0xd4/0x2cc [ 108.907016] load_module+0x3110/0x3af0 [ 108.911130] SyS_init_module+0x184/0x1bc [ 108.915437] ret_fast_syscall+0x0/0x48 [ 108.919441] [ 108.921140] Freed by task 0: [ 108.924260] (stack is not available) [ 108.928084] [ 108.929836] The buggy address belongs to the object at cb344100 [ 108.929836] which belongs to the cache kmalloc-64 of size 64 [ 108.942173] The buggy address is located 0 bytes inside of [ 108.942173] 64-byte region [cb344100, cb344140) [ 108.952835] The buggy address belongs to the page: [ 108.957986] page:ee95e880 count:1 mapcount:0 mapping:cb344000 index:0xcb344800 [ 108.965702] flags: 0x100(slab) [ 108.969213] raw: 00000100 cb344000 cb344800 0000001f 00000001 d0001084 ee963174 d0000000 [ 108.977800] page dumped because: kasan: bad access detected [ 108.983683] [ 108.985379] Memory state around the buggy address: [ 108.990559] cb344000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 108.997526] cb344080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 109.004496] >cb344100: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 109.011374] ^ [ 109.014497] cb344180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 109.021465] cb344200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 109.028359] ================================================================== [ 109.036546] kasan test: copy_user_test out-of-bounds in __copy_to_user_inatomic() [ 109.044665] ================================================================== [ 109.052799] BUG: KASAN: slab-out-of-bounds in copy_user_test+0x1dc/0x234 [test_kasan] [ 109.061147] Read of size 11 at addr cb344100 by task insmod/1453 [ 109.067476] [ 109.069276] CPU: 3 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 109.079660] Hardware name: Broadcom STB (Flattened Device Tree) [ 109.086129] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 109.094491] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 109.102366] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 109.111678] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 109.121592] [] (kasan_report) from [] (copy_user_test+0x1dc/0x234 [test_kasan]) [ 109.132052] [] (copy_user_test [test_kasan]) from [] (kmalloc_tests_init+0x60/0x35c [test_kasan]) [ 109.143765] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 109.154070] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 109.162863] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 109.171565] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 109.180203] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 109.188763] [ 109.190472] Allocated by task 1453: [ 109.194361] kmem_cache_alloc_trace+0xb4/0x170 [ 109.199529] copy_user_test+0x24/0x234 [test_kasan] [ 109.205147] kmalloc_tests_init+0x60/0x35c [test_kasan] [ 109.210765] do_one_initcall+0x60/0x1b0 [ 109.214965] do_init_module+0xd4/0x2cc [ 109.219073] load_module+0x3110/0x3af0 [ 109.223188] SyS_init_module+0x184/0x1bc [ 109.227497] ret_fast_syscall+0x0/0x48 [ 109.231503] [ 109.233201] Freed by task 0: [ 109.236322] (stack is not available) [ 109.240146] [ 109.241898] The buggy address belongs to the object at cb344100 [ 109.241898] which belongs to the cache kmalloc-64 of size 64 [ 109.254235] The buggy address is located 0 bytes inside of [ 109.254235] 64-byte region [cb344100, cb344140) [ 109.264898] The buggy address belongs to the page: [ 109.270049] page:ee95e880 count:1 mapcount:0 mapping:cb344000 index:0xcb344800 [ 109.277765] flags: 0x100(slab) [ 109.281277] raw: 00000100 cb344000 cb344800 0000001f 00000001 d0001084 ee963174 d0000000 [ 109.289861] page dumped because: kasan: bad access detected [ 109.295742] [ 109.297438] Memory state around the buggy address: [ 109.302618] cb344000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 109.309585] cb344080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 109.316555] >cb344100: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 109.323431] ^ [ 109.326556] cb344180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 109.333526] cb344200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 109.340420] ================================================================== [ 109.348407] kasan test: copy_user_test out-of-bounds in strncpy_from_user() [ 109.355915] ================================================================== [ 109.363705] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x58/0x1f4 [ 109.370996] Write of size 11 at addr cb344100 by task insmod/1453 [ 109.377414] [ 109.379217] CPU: 3 PID: 1453 Comm: insmod Tainted: G B 4.14.0-rc4-00095-gcd1a365fca2e-dirty #31 [ 109.389600] Hardware name: Broadcom STB (Flattened Device Tree) [ 109.396070] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 109.404433] [] (show_stack) from [] (dump_stack+0x90/0xa4) [ 109.412306] [] (dump_stack) from [] (print_address_description+0x50/0x24c) [ 109.421615] [] (print_address_description) from [] (kasan_report+0x238/0x324) [ 109.431187] [] (kasan_report) from [] (strncpy_from_user+0x58/0x1f4) [ 109.440325] [] (strncpy_from_user) from [] (copy_user_test+0x20c/0x234 [test_kasan]) [ 109.451233] [] (copy_user_test [test_kasan]) from [] (kmalloc_tests_init+0x60/0x35c [test_kasan]) [ 109.462947] [] (kmalloc_tests_init [test_kasan]) from [] (do_one_initcall+0x60/0x1b0) [ 109.473251] [] (do_one_initcall) from [] (do_init_module+0xd4/0x2cc) [ 109.482046] [] (do_init_module) from [] (load_module+0x3110/0x3af0) [ 109.490748] [] (load_module) from [] (SyS_init_module+0x184/0x1bc) [ 109.499385] [] (SyS_init_module) from [] (ret_fast_syscall+0x0/0x48) [ 109.507946] [ 109.509652] Allocated by task 1453: [ 109.513540] kmem_cache_alloc_trace+0xb4/0x170 [ 109.518705] copy_user_test+0x24/0x234 [test_kasan] [ 109.524323] kmalloc_tests_init+0x60/0x35c [test_kasan] [ 109.529941] do_one_initcall+0x60/0x1b0 [ 109.534142] do_init_module+0xd4/0x2cc [ 109.538252] load_module+0x3110/0x3af0 [ 109.542359] SyS_init_module+0x184/0x1bc [ 109.546668] ret_fast_syscall+0x0/0x48 [ 109.550672] [ 109.552370] Freed by task 0: [ 109.555490] (stack is not available) [ 109.559315] [ 109.561069] The buggy address belongs to the object at cb344100 [ 109.561069] which belongs to the cache kmalloc-64 of size 64 [ 109.573405] The buggy address is located 0 bytes inside of [ 109.573405] 64-byte region [cb344100, cb344140) [ 109.584068] The buggy address belongs to the page: [ 109.589219] page:ee95e880 count:1 mapcount:0 mapping:cb344000 index:0xcb344800 [ 109.596935] flags: 0x100(slab) [ 109.600444] raw: 00000100 cb344000 cb344800 0000001f 00000001 ee963174 d0001084 d0000000 [ 109.609032] page dumped because: kasan: bad access detected [ 109.614911] [ 109.616608] Memory state around the buggy address: [ 109.621788] cb344000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 109.628756] cb344080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 109.635723] >cb344100: 00 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 109.642600] ^ [ 109.645725] cb344180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 109.652693] cb344200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 109.659589] ================================================================== [ 109.668931] kasan test: use_after_scope_test use-after-scope on int [ 109.675755] kasan test: use_after_scope_test use-after-scope on array insmod: can't insert 'test_kasan.ko': Resource temporarily unavailable